CVE-2024-45625

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator.
Configurations

Configuration 1 (hide)

cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*

History

10 Sep 2024, 11:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*
CWE CWE-79
References () https://jvn.jp/en/jp/JVN65724976/ - () https://jvn.jp/en/jp/JVN65724976/ - Third Party Advisory
References () https://plugins.trac.wordpress.org/changeset?new=3135507%40forminator%2Ftrunk%2Fassets%2Fjs%2Ffront%2Ffront.mergetags.js&old=3111152%40forminator%2Ftrunk%2Fassets%2Fjs%2Ffront%2Ffront.mergetags.js - () https://plugins.trac.wordpress.org/changeset?new=3135507%40forminator%2Ftrunk%2Fassets%2Fjs%2Ffront%2Ffront.mergetags.js&old=3111152%40forminator%2Ftrunk%2Fassets%2Fjs%2Ffront%2Ffront.mergetags.js - Patch
References () https://wordpress.org/plugins/forminator/ - () https://wordpress.org/plugins/forminator/ - Product
References () https://wpmudev.com/ - () https://wpmudev.com/ - Product
First Time Incsub forminator
Incsub

09 Sep 2024, 13:03

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de cross site scripting en las versiones de Forminator anteriores a la 1.34.1. Si se aprovecha esta vulnerabilidad, se puede ejecutar una secuencia de comandos arbitraria en el navegador web del usuario que siga una URL creada y acceda a la página web con el formulario web creado por Forminator.

09 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-09 05:15

Updated : 2024-09-10 11:19


NVD link : CVE-2024-45625

Mitre link : CVE-2024-45625

CVE.ORG link : CVE-2024-45625


JSON object : View

Products Affected

incsub

  • forminator
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')